EU Tells US: End Mass Spying

Responding to surveillance revelations, EU officials seek changes in commercial and law enforcement data sharing arrangements with the US.

The European Commission, the EU's executive body, is demanding that the US respect the privacy rights of EU citizens and is seeking changes in its commercial and law enforcement data sharing arrangements with the US to "restore trust."

The Commission on Wednesday issued a strategy paper, an analysis of the Safe Harbor agreement that governs international commercial data flows, and a Data Protection report, among other documents, in response to ongoing revelations about the extent of US surveillance.

"Massive spying on our citizens, companies and leaders is unacceptable," said EU Justice Commissioner Viviane Reding in a statement. "Citizens on both sides of the Atlantic need to be reassured that their data is protected and companies need to know existing agreements are respected and enforced."

The Commission's concern about loss of trust translates into potential loss of revenue. The Information Technology & Innovation Foundation (ITIF), a Washington-based policy research group, projects US IT industry losses of $22 billion to $35 billion by 2016, because foreign businesses and governments fear having their data scoured by US intelligence agencies.

Add to that the certainty that other government intelligence agencies are doing the same thing, or at least trying to, and the entire premise of cloud computing crumbles. Without a foundation of trust and a legal framework that exists in full public view and protects rather than yields, there's a strong impetus to avoid the cloud and rely only on internal corporate computing resources.

Though the EU says the Safe Harbor agreement governing commercial data sharing "cannot be maintained," it doesn't appear to be threatening to rescind the agreement. Rather, it seeks to improve it with stronger protections for EU citizens, principally a path for judicial redress. The US Privacy Act of 1974 protects US citizens and legal permanent residents, but not EU citizens.

The Commission has made 13 recommendations about how to improve Safe Harbor. The recommendations cover privacy dispute redress, privacy policy transparency, privacy enforcement mechanisms (like compliance audits), and limitations on exceptional access by US authorities (only when "strictly necessary or proportionate," as if such assurances hadn't already been offered).

Changes in the way data is handled and accessed in the EU and US will depend on the EU data protection rules revisions currently before the EU parliament and the US review of national surveillance activities, both of which are ongoing. US lawmakers continue to debate whether and how to reform NSA data collection.

Cloud Connect Summit, March 31 – April 1 2014, offers a two-day program colocated at Interop Las Vegas developed around "10 critical cloud decisions." Cloud Connect Summit zeros in on the most pressing cloud technology, policy and organizational decisions & debates for the cloud-enabled enterprise. Cloud Connect Summit is geared towards a cross-section of disciplines with a stake in the cloud-enabled enterprise. Register for Cloud Connect Summit today.

Just how are you going to enforce that? By taking the NSA's word for it?

The only way to make this end is for us Americans to get p1ssed off about it enough that we demand the NSA be taken apart and the pieces monitored by civilians, with punishment for garbage like Clapper who does it anyway and lies about it to the congress.

His excuse? "That was the least dishonest thing I could say." Considering that it was a yes/no question with a binary answer, it was also the MOST dishonest thing he could say.

Good luck getting enough stupid rednecks (you know, Americans) to care or even understand what's going on. I wrote to my senators and they responded with an explanation of how it's all legal and okay, and that Snowden is a traitor.

Maybe the 'necks will pay attention now that we know the NSA records what kind of porn people look at.

"Seriously, nations, even friendly nations, have spied on each other since time immemorial"

Yeah, you're right. Making Orwell's 1984 come true is no big deal—I mean, as long as you have nothing to hide, like that unpatriotic Winston Smith.

And our government keeping a list of porn that people look at in case they want to embarass them someday isn't a big deal either.

Well, unless you're one of those anti-American "radicals" who objects to us sending an army of flying robots to blow up their country.

...Or an innocent person who maybe won't like us someday and might become a radical. We should record their porn downloads, too!

And as long as our government is writing down people's porn preferences, we might as well go after those awful pedophiles who look at porn that's legal in every other civilized country, but which would get you decades of prison here in Moral America—you know, videos of 16 or 17 year-old girls.

YOU'VE never looked at any of that, have you?

Okay then! You don't have anything to fear from your out-of-control government recording every single thing you do.

Right?

And even if those unpatriotic Liberals get their way here, it's still okay to tap the phones and monitor the porn of anyone we want in all the other countries because... well, because they're not Americans! Hell, lets tape-record all the phone calls of their prime ministers and presidents! Why should we care what a bunch of foreigners think about what we do to them? It's not like they have anything we want!

Susan, Micro differences can remain and will always remain between states, but it's the macro differences that if left unresolved will cause a lot of problems for both EU businesses and businesses in the U.S.

Imagine a situation where one state gets complete security protection and privacy, and the other does not, I am guessing states like California would push hard to get these benefits because it attracts clients. These benefits act much in the same way as lower SaaS taxes would promote higher SaaS startups to start businesses in a state. Why should New York be left behind or any state for that matter.

It could happen that every state has a very different policy, and if it does happen then an EU business would have to keep track of SaaS businesses by state, just so that the provider has the power to meet their security expectations. Vice-versa, the same will happen to U.S. businesses, they too will have to keep a track of Cloud providers and which country they are physically located in for example, England or France etc.

"Would the dangers of not coming to a reasonable agreement imply that next the states within U.S. would all want different standards."

It might be as the different states always operate as if they were mini-countries within the big land, and we see this happening in law, regulations, rights, etc. They are already accustomed to having different standards, so why not?

Gary, yes a boycott for a boycott is one way to move forward, it is a competitive way. Another possible way could be to try a collaborative way which would involve a lot of compromise and negotiations. Cloud computing is efficient because it creates scale and specialization, limiting a customer base is only going to result in decreased efficiency. So I guess it is in the interest of businesses everywhere to resolve this all by collaboration.

Susan, I think no one should spy on anyone until they is a major concern that leaving things unearth will cause a major incident down the road.

Wouldn't EU and U.S. citizens be safer if the Safe Harbor Agreement was updated to take into consideration both sides? Considering that these economies together mount to around 44% of world production and are almost evenly split. Would the dangers of not coming to a reasonable agreement imply that next the states within U.S. would all want different standards.

"Massive spying on our citizens, companies and leaders is unacceptable," said EU Justice Commissioner Viviane Reding in a statement. "Citizens on both sides of the Atlantic need to be reassured that their data is protected and companies need to know existing agreements are respected and enforced."

I believe that statement is quite reasonable. Whoever thinks otherwise should have a very clear reason to why they would oppose to it. And this shoud be backed up by logic, and critical thinking to have to weight in the argument.

NSA data collection should be limited to US borders. I see no reason whatsoever of why the NSA should spy on European citizens.

At theSlush startup conference I recently attended in Helsinki the NSA spying on Europe was highly critized by prominent government figures, like the President of Estonia, who attended the conference as a speaker. Needless to say that this is a topic that is being critized in all spheres, not only in technology conferences.

I laughed out loud when I read this. I'm imagining a skit on SNL with many of the big timers in our government, even those who don't like each other like Obama, Hillary and Cruz, getting together one evening, reading the printout, laughing, drinking beer and eating pizza, and slapping each other on the back over the tastes and peccadilloes of their European counterparts.

But seriously, nations, even friendly nations, have spied on each other since time immemorial and there is absolutely nothing new about it. And, if they want to boycott any of our commercial offerings over this, I hope we return the favor.

Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.

Among 688 respondents to our Mobile Application Development Survey — up from 350 respondents in 2012 — 46% have deployed mobile apps, with an additional 24% planning to in the next year. What’s the holdup for that remaining 30%? Often, it’s a lack of expertise.